This application relates generally to data processing and, more particularly, to programmable units for metadata processing.
Today's computer systems are notoriously hard to secure. Conventional processor architectures, for example, allow various behaviors, such as buffer overflows, pointer forging and the like, which violate higher level abstractions. Closing the gap between programming language and hardware may be left to software, where the cost of enforcing airtight abstractions is often deemed too high.
Some recent efforts have demonstrated the value of propagating metadata during execution to enforce policies that catch safety violations and malicious attacks as they occur. These policies can be enforced in software but typically incur high, undesirable overheads, such as in performance and/or costs, that discourage their deployment or other motivate coarse approximations providing less protection. Hardware support for fixed policies may reduce overhead to acceptable levels and prevent a large portion of undesired code violations, such as may be performed by malicious code or malware attacks. For example, Intel recently announced hardware for bounds checking and isolation. While these mitigate many of today's attacks, fully securing systems will require more than memory safety and isolation. Attacks rapidly evolve to exploit any remaining forms of vulnerability.